2
0

fips_rngvs.c 5.2 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204
  1. /*
  2. * Crude test driver for processing the VST and MCT testvector files
  3. * generated by the CMVP RNGVS product.
  4. *
  5. * Note the input files are assumed to have a _very_ specific format
  6. * as described in the NIST document "The Random Number Generator
  7. * Validation System (RNGVS)", May 25, 2004.
  8. *
  9. */
  10. #include <openssl/opensslconf.h>
  11. #ifndef OPENSSL_FIPS
  12. # include <stdio.h>
  13. int main(int argc, char **argv)
  14. {
  15. printf("No FIPS RNG support\n");
  16. return 0;
  17. }
  18. #else
  19. # include <openssl/bn.h>
  20. # include <openssl/dsa.h>
  21. # include <openssl/fips.h>
  22. # include <openssl/err.h>
  23. # include <openssl/rand.h>
  24. # include <openssl/fips_rand.h>
  25. # include <openssl/x509v3.h>
  26. # include <string.h>
  27. # include <ctype.h>
  28. # include "fips_utl.h"
  29. static void vst()
  30. {
  31. unsigned char *key = NULL;
  32. unsigned char *v = NULL;
  33. unsigned char *dt = NULL;
  34. unsigned char ret[16];
  35. char buf[1024];
  36. char lbuf[1024];
  37. char *keyword, *value;
  38. long i, keylen;
  39. keylen = 0;
  40. while (fgets(buf, sizeof buf, stdin) != NULL) {
  41. fputs(buf, stdout);
  42. if (!strncmp(buf, "[AES 128-Key]", 13))
  43. keylen = 16;
  44. else if (!strncmp(buf, "[AES 192-Key]", 13))
  45. keylen = 24;
  46. else if (!strncmp(buf, "[AES 256-Key]", 13))
  47. keylen = 32;
  48. if (!parse_line(&keyword, &value, lbuf, buf))
  49. continue;
  50. if (!strcmp(keyword, "Key")) {
  51. key = hex2bin_m(value, &i);
  52. if (i != keylen) {
  53. fprintf(stderr, "Invalid key length, expecting %ld\n",
  54. keylen);
  55. return;
  56. }
  57. } else if (!strcmp(keyword, "DT")) {
  58. dt = hex2bin_m(value, &i);
  59. if (i != 16) {
  60. fprintf(stderr, "Invalid DT length\n");
  61. return;
  62. }
  63. } else if (!strcmp(keyword, "V")) {
  64. v = hex2bin_m(value, &i);
  65. if (i != 16) {
  66. fprintf(stderr, "Invalid V length\n");
  67. return;
  68. }
  69. if (!key || !dt) {
  70. fprintf(stderr, "Missing key or DT\n");
  71. return;
  72. }
  73. FIPS_rand_set_key(key, keylen);
  74. FIPS_rand_seed(v, 16);
  75. FIPS_rand_set_dt(dt);
  76. if (FIPS_rand_bytes(ret, 16) <= 0) {
  77. fprintf(stderr, "Error getting PRNG value\n");
  78. return;
  79. }
  80. pv("R", ret, 16);
  81. OPENSSL_free(key);
  82. key = NULL;
  83. OPENSSL_free(dt);
  84. dt = NULL;
  85. OPENSSL_free(v);
  86. v = NULL;
  87. }
  88. }
  89. }
  90. static void mct()
  91. {
  92. unsigned char *key = NULL;
  93. unsigned char *v = NULL;
  94. unsigned char *dt = NULL;
  95. unsigned char ret[16];
  96. char buf[1024];
  97. char lbuf[1024];
  98. char *keyword, *value;
  99. long i, keylen;
  100. int j;
  101. keylen = 0;
  102. while (fgets(buf, sizeof buf, stdin) != NULL) {
  103. fputs(buf, stdout);
  104. if (!strncmp(buf, "[AES 128-Key]", 13))
  105. keylen = 16;
  106. else if (!strncmp(buf, "[AES 192-Key]", 13))
  107. keylen = 24;
  108. else if (!strncmp(buf, "[AES 256-Key]", 13))
  109. keylen = 32;
  110. if (!parse_line(&keyword, &value, lbuf, buf))
  111. continue;
  112. if (!strcmp(keyword, "Key")) {
  113. key = hex2bin_m(value, &i);
  114. if (i != keylen) {
  115. fprintf(stderr, "Invalid key length, expecting %ld\n",
  116. keylen);
  117. return;
  118. }
  119. } else if (!strcmp(keyword, "DT")) {
  120. dt = hex2bin_m(value, &i);
  121. if (i != 16) {
  122. fprintf(stderr, "Invalid DT length\n");
  123. return;
  124. }
  125. } else if (!strcmp(keyword, "V")) {
  126. v = hex2bin_m(value, &i);
  127. if (i != 16) {
  128. fprintf(stderr, "Invalid V length\n");
  129. return;
  130. }
  131. if (!key || !dt) {
  132. fprintf(stderr, "Missing key or DT\n");
  133. return;
  134. }
  135. FIPS_rand_set_key(key, keylen);
  136. FIPS_rand_seed(v, 16);
  137. for (i = 0; i < 10000; i++) {
  138. FIPS_rand_set_dt(dt);
  139. if (FIPS_rand_bytes(ret, 16) <= 0) {
  140. fprintf(stderr, "Error getting PRNG value\n");
  141. return;
  142. }
  143. /* Increment DT */
  144. for (j = 15; j >= 0; j--) {
  145. dt[j]++;
  146. if (dt[j])
  147. break;
  148. }
  149. }
  150. pv("R", ret, 16);
  151. OPENSSL_free(key);
  152. key = NULL;
  153. OPENSSL_free(dt);
  154. dt = NULL;
  155. OPENSSL_free(v);
  156. v = NULL;
  157. }
  158. }
  159. }
  160. int main(int argc, char **argv)
  161. {
  162. if (argc != 2) {
  163. fprintf(stderr, "%s [mct|vst]\n", argv[0]);
  164. exit(1);
  165. }
  166. if (!FIPS_mode_set(1)) {
  167. do_print_errors();
  168. exit(1);
  169. }
  170. FIPS_rand_reset();
  171. if (!FIPS_rand_test_mode()) {
  172. fprintf(stderr, "Error setting PRNG test mode\n");
  173. do_print_errors();
  174. exit(1);
  175. }
  176. if (!strcmp(argv[1], "mct"))
  177. mct();
  178. else if (!strcmp(argv[1], "vst"))
  179. vst();
  180. else {
  181. fprintf(stderr, "Don't know how to %s.\n", argv[1]);
  182. exit(1);
  183. }
  184. return 0;
  185. }
  186. #endif